CLAIMS 

What is claimed is: 

1 . A method facilitating the classification of web services network traffic, 
comprising 

parsing a web services interface definition document defining the attributes of 
a web service; 

defining at least one traffic class corresponding to the web service; and 
configuring a network traffic classification mechanism to identify the at least 

one traffic class based on at least one attribute obtained from the web services 

definition document. 

2. The method of claim 1 wherein the defining step comprises 

defining a first traffic class corresponding to the web service; 
defining at least a second traffic class corresponding to an attribute of the 
web service; and 

associating the at least a second traffic class as a child traffic class of the first 
traffic class in a hierarchical traffic classification scheme. 

3. The method of claim 2 wherein the attribute in the second defining step is an 
operation of the web service. 

4. The method of claim 2 wherein the attribute in the second defining step is a 
binding supported by the web service. 

5. The method of claim 1 wherein the web services interface definition document is 
a WSDL document. 

6. A method facilitating the classification of web services network traffic, 
comprising 
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monitoring a data communications path for data flows associated with web 
services network traffic; 

maintaining a data structure comprising, for each web service detected in the 
data flows, a web service identifier corresponding to the web service; and 

configuring a network traffic classification mechanism to identify at least one 
web service in the data structure based at least on the web service identifier 
corresponding to the web service. 

7. The method of claim 6 wherein the configuring step comprises 

creating a traffic class identifier corresponding to the web service; 
creating at least one matching rule defining an attribute of the web service; 
associating the at least one matching rule to the traffic class identifier in the 
traffic classification mechanism. 

8. The method of claim 7 wherein the attribute in the second creating step is the 
web service identifier corresponding to the web service. 

9. The method of claim 8 further comprising 

creating at least one additional matching rule defining an attribute of the web 
service. 

10. The method of claim 9 wherein the attribute in the third creating step is a 
protocol associated with the web service. 

1 1 . The method of claim 10 wherein the protocol is a web services protocol. 

12. The method of claim 10 wherein the protocol is the SOAP protocol. 

13. The method of claim 10 wherein the protocol is the HTTP protocol. 
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14. The method of claim 6 further comprising 

maintaining a count of the number of data flows corresponding to each web 
service traversing the communications path. 

15. The method of claim 6 wherein the web service identifier comprises a host 
name. 

16. The method of claim 6 wherein the web service identifier comprises a host name 
and a uniform resource indicator. 

17. The method of claim 6 wherein the configuring step is performed in response to 
a command from an end user. 

18. The method of claim 6 wherein the monitoring step comprises 

upon detection of a new data flow, 

parsing at least one packet in the data flow to identify the protocol 
attributes corresponding to the data flow; 

matching the identified protocol attributes to a predetermined set of 
web services protocol attributes to determine whether the data flow is web services 
web services data flow. 

19. The method of claim 18 wherein the parsing step comprises parsing the at least 
one packet in the data flow into a flow specification, wherein the flow specification 
contains at least one instance of any one of the following: a protocol family 
designation, a direction of packet flow designation, a protocol type designation, a 
binding type, a pair of hosts, a pair of ports, a pointer to a MIME type, a pointer to an 
application-specific attribute. 

20. A method facilitating the classification of web services network traffic, 
comprising 
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monitoring a data communications path for data flows associated with web 
services network traffic; 

maintaining a data structure comprising, for each web service detected in the 
data flows, a web service identifier corresponding to the web service; and 

receiving an interface definition document defining the attributes of a web 
service maintained in the data structure; 

processing the interface definition document to identify at least one traffic 
class corresponding to the web service; and 

configuring a network traffic classification mechanism to identify the at least 
one traffic class based on at least one attribute obtained from the web services 
definition document. 

21 . The method of claim 20 further comprising 

subsequent to the configuring step, processing the latest interface definition 
document corresponding to the web service to determine whether changes to the 
configuration of the network traffic classification mechanism are required. 

22. An apparatus facilitating the classification of web services network traffic, 
comprising 

a packet processor operative to 

detect data flows in network traffic traversing a network; 
a traffic classification database operative to 

match data flows against a plurality of traffic classes, wherein each 
traffic class in the plurality of traffic classes is defined by at least one matching 
attribute; 

a web services classification module operative to 

identify web services in the data flows traversing the network; 
maintain a data structure comprising, for each web service detected in 
the data flows, a web service identifier corresponding to the web service; and 
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create a traffic class in the traffic classification database for a selected 
web service in the data structure, wherein at least one matching rule associated with 
the traffic class includes the web service identifier associated with the web service. 

23. The apparatus of claim 22 wherein the web services classification module is 
further operative to 

receive an interface definition document defining the attributes of the 
selected web service; 

process the interface definition document to identify at least one traffic class 
corresponding to the selected web service; and 

create the at least one traffic class in the traffic classification database, 
' wherein at least one matching rule associated with the corresponding traffic class is 
based on one or more attributes in the interface definition document. 

24. The apparatus of claim 23 wherein the at least one traffic class is identified 
relative to the operations identified in the interface definition document. 

25. The apparatus of claim 23 wherein the at least one traffic class is identified 
relative to the bindings identified in the interface definition document. 

26. An apparatus facilitating the classification of web services network traffic, 
comprising 

a packet processor operative to 

detect data flows in network traffic traversing a network; 
a traffic classification database operative to 

match data flows against a plurality of traffic classes, wherein each 
traffic class in the plurality of traffic classes is defined by at least one matching 
attribute; 

a web services classification module operative to 
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receive an interface definition document defining the attributes of the 
selected web service; 

process the interface definition document to identify at least one traffic 
class corresponding to the selected web service; and 

create the at least one traffic class in the traffic classification 
database, wherein at least one matching rule associated with the corresponding 
traffic class is based on one or more attributes in the interface definition document. 

27. The apparatus of claim 26 wherein the web services classification module is 
further operative to 

28. The apparatus of claim 27 wherein the at least one traffic class is identified 
relative to the operations identified in the interface definition document. 

29. The apparatus of claim 27 wherein the at least one traffic class is identified 
relative to the bindings identified in the interface definition document. 

30. The apparatus of claim 26 wherein the web services classification module is 
further operative to 

identify web services in the data flows traversing the network; 

maintain a data structure comprising, for each web service detected in 
the data flows, a web service identifier corresponding to the web service; and 

optionally create a traffic class in the traffic classification database for 
a selected web service in the data structure, wherein at least one matching rule 
associated with the traffic class includes the web service identifier associated with 
the web service. 
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